Wednesday, September 20, 2017

It solves the password problem without the capital costs or increased infrastructure management that you might incur with traditional on-premises solutions. With an easy to use dashboard for administrators and flexible authentication options for end users, Starling Two-Factor Authentication enables organizations to quickly and easily verify a user’s identity.

Monday, September 18, 2017

Dodging the taxman will become more difficult in the gig economy, as going cashless allows for better electronic tracking of payments. And the taxman has his sights next on Uber and Grab drivers. An Iras spokesman said: "To simplify tax filing and ease compliance for our taxpayers, Iras continually seeks ways to explore initiatives with third parties and platform providers to automate the transmission of income information directly into our tax systems."

What's the end state?

Definitely a gateway (Grab/Uber) with gateway (IRAS) integration with Grab/Uber automatically submitting drivers' earnings directly to IRAS - same as the one we are implementing right now for an Insurance agency in Singapore.

Tuesday, September 5, 2017

In my previous blog, I talked about a customer of mine who worried about too many calls hitting her API Gateway.

As we have seen quite a number of API deployments go live, these are typical worries. One has to treat this type of project as a Full Lifecycle API Management journey. API deployment cannot be treated as a one-off project.

The worry that the customer had is where we will usually Initiate Optimize as illustrated in the diagram above.

Optimize the way the application requests an OAuth2 access token by reusing an established access token

Optimize by increasing the OAuth2 access token timeout

Are we able to foresee every possible performance issue that will surface after go-Live? Very hard.

Why? APIs are exposed to consumers in the public. There is no fixed usage pattern. We can usually optimize based on past experience, but tweaking is usually required after go-Live for each deployment.

Monday, September 4, 2017

I was in a discussion with a customer today and we talked about how to reduce the number of calls to Kong API Gateway.

This particular API Gateway is only for communication between internal applications, so the Client Credentials Grant is configured on each endpoint.

The main concern was that prior to each endpoint call, the internal applications have to make a call to request an OAuth2 access token. This will be 2 calls to the Kong API Gateway per endpoint.

But, hey, if this is a setup for communication between internal applications, we can increase the access token timeout. And it is programming best practice to reuse an established access token, rather than to get a new access token prior to each endpoint call.
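The token reuse described above, as an added example (not code from this blog or from Kong): a small cache that requests a client-credentials token once and reuses it until shortly before `expires_in` runs out. The token endpoint is a constructed stub, and the names `CachedTokenProvider` and `simulate`, the 30-second skew and the 7200-second lifetime are assumptions.

```python
import threading
import time


class CachedTokenProvider:
    """Caches a client-credentials access token and reuses it until shortly before expiry."""

    def __init__(self, fetch_token, skew_seconds=30, clock=time.monotonic):
        self._fetch_token = fetch_token   # callable returning the token endpoint's JSON as a dict
        self._skew = skew_seconds         # renew this many seconds before the stated expiry
        self._clock = clock
        self._lock = threading.Lock()     # one refresh at a time when threads share the provider
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._fetch_token()
                self._token = body["access_token"]
                self._expires_at = self._clock() + max(body["expires_in"] - self._skew, 0)
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after the gateway answers 401."""
        with self._lock:
            self._token = None


def simulate(calls, seconds_between_calls, expires_in=7200):
    """Constructed simulation: count token requests for a run of endpoint calls."""
    now = [0.0]
    token_requests = [0]

    def fake_token_endpoint():            # stands in for the POST to the gateway's token endpoint
        token_requests[0] += 1
        return {"access_token": f"constructed-token-{token_requests[0]}",
                "token_type": "bearer", "expires_in": expires_in}

    provider = CachedTokenProvider(fake_token_endpoint, clock=lambda: now[0])
    for _ in range(calls):
        provider.get()                    # would go in the Authorization: Bearer header
        now[0] += seconds_between_calls
    return token_requests[0]


if __name__ == "__main__":
    print(simulate(calls=100, seconds_between_calls=1))     # token requests for 100 quick calls
    print(simulate(calls=100, seconds_between_calls=100))   # same, spread past one expiry
```

With reuse in place the token lifetime no longer drives the call count, so it can stay short; a longer-lived token stays usable for longer if it leaks.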

There's a choice.

The APIs are not exposed to the public. If the application teams within the same company cannot cooperate with one another, there's nothing we can do about it.

The customer continued to probe further: "Can't we ask the application team to use the OAuth2 refresh token to exchange for a new OAuth2 access token?"